I would like to use something like that:
def answer_params
params.require(:answer).permit!.without(:user_id)
end
will this work?
params.require(:answer).permit!.except(:user_id)
I just want to put this out here, whitelisting is not DRY. Imagine a JSON API for a document based entry that could have up to 100 (or more) attributes (key value pairs). Generally the only pieces you need concern with are attributes that can escalate privileges like user_id.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With